Book Review: The Car Hacker’s Handbook

The automotive community is abuzz about hackable vehicles and consumers are becoming increasingly aware that their cars may be at-risk for cyberattacks. Auto manufacturers have been slow to implement safeguards, however, and new models rolling off production lines are becoming increasingly interconnected without many of the protections available on today’s computers. A book by renowned car hacking security expert, Craig Smith, “The Car Hacker’s Handbook: A Guide for the Penetration Tester,” provides insightful details about how our vehicles are vulnerable to attacks by experienced hackers.

The growing concern from consumers has made hacking synonymous with negativity in popular culture – however by providing a basis for those interested in exploring the inner workings of today’s automobiles, Smith’s guide can bring more automotive security experts into the field, which can help make the vehicles of tomorrow safer for us all.

While modern automobiles have become considerably more advanced in the past two decades, a number of manufacturers source their software development from the same third-party vendors. These vendors rely on securing their software by not revealing their code to the public, which Smith calls “security through obscurity.” Keeping the coding a secret – rather than opening it up to public criticism from outside cybersecurity experts – creates an opportunity for hackers to analyze and reverse engineer computer systems through trial and error.

Areas described as “attack surfaces” in the book refer to different ways that commands can enter a vehicle’s communication systems through cellular connections, Wi-Fi, key fobs, tire pressure monitor sensors, infotainment consoles, USB, Bluetooth and even the vehicle’s controller area network!

All of these connections can make a vehicle vulnerable, but the most susceptible of all is the in-vehicle infotainment system – these systems often are loaded with vulnerabilities and can provide hackers remote access to a vehicle’s computer, according to Smith.

Attack surfaces offer hackers a way into a vehicle, but there are things car owners can do to reduce their risk of falling victim to a vehicle hack. Disabling unused wireless services, disconnecting any monitoring dongles from the ODBII port when the vehicle isn’t in use and storing keys in a metal drawer at night will all help protect you.

Smith notes that a new, growing area of concern for automotive cybersecurity experts is the new age of vehicle-to-vehicle communication, where potentially malicious code can be received from another automobile while on the road. This rapidly developing tech is an area that may provide experts with an opportunity to collaborate in order to secure the systems of tomorrow, and Smith’s book may very well serve as a useful resource for cybersecurity experts.

Learn more about how you can minimize risks associated with vehicle hacking: